{
  "entrypoint_kind": "endpoint",
  "entrypoint_detail": "HTTP POST /cgi-bin/luci/admin/system/systime through firmware uhttpd + original /www/cgi-bin/luci LuCI dispatcher/CBI handler",
  "service_started": true,
  "healthcheck_passed": true,
  "target_path_reached": true,
  "runtime_stack": [
    "Cudy LT300 firmware rootfs",
    "uhttpd",
    "LuCI dispatcher",
    "LuCI CBI model system/systime.lua",
    "qemu-mipsel",
    "proot"
  ],
  "proof_artifacts": [
    "logs/reproduction_steps.log",
    "logs/artifacts/http/vuln_attempt1_request.txt",
    "logs/artifacts/http/vuln_attempt1_response_headers.txt",
    "logs/artifacts/http/vuln_attempt1_response_body.txt",
    "logs/artifacts/http/vuln_attempt2_request.txt",
    "logs/artifacts/http/vuln_attempt2_response_headers.txt",
    "logs/artifacts/http/vuln_attempt2_response_body.txt",
    "logs/artifacts/http/fixed_attempt1_request.txt",
    "logs/artifacts/http/fixed_attempt1_response_headers.txt",
    "logs/artifacts/http/fixed_attempt1_response_body.txt",
    "logs/artifacts/http/fixed_attempt2_request.txt",
    "logs/artifacts/http/fixed_attempt2_response_headers.txt",
    "logs/artifacts/http/fixed_attempt2_response_body.txt",
    "logs/artifacts/product/code_identity.txt",
    "logs/artifacts/product/uhttpd_runtime.log",
    "logs/artifacts/product/proof_summary.txt"
  ],
  "notes": "Confirmed command execution through the original firmware uhttpd and LuCI /cgi-bin/luci/admin/system/systime endpoint in 2.4.5; the same original fixed 2.5.12 endpoint did not create the attacker-controlled proof files.",
  "exploit_status": "confirmed"
}
